updated 05:01 pm EDT, Mon October 15, 2012
Loozfon and FinFisher cited as active malware concerns
The Federal Bureau of Investigation's Internet Crime Complaint Center (IC3) has issued a warning to owners of Android-powered devices that their phones may be susceptible to attack by malware and spyware. The IC3 notes that it has received complaints regarding Loozfon and Finfisher, both of which are transmitted when users are directed to malicious sites. The two malware programs steal contact information and are capable of executing code remotely.
Loozfon is an information-stealing form of malware. The IC3 notes that one version of the malware is propagated through a work-at-home opportunity advertisement or email that directs a user to a malicious site that installs Loozfon. Once installed, the malware steals contact details from a user's address book.
FinFisher is spyware capable of remotely controlling a mobile device. It is transmitted when a user visits a specific web link or opens a text message disguised as a system update.
The IC3 gives multiple recommendations for avoiding contact with these and other malware programs. Android phone users are encouraged to review the terms of service for apps they download, and to keep their devices from connecting to unknown wireless networks, among other recommendations.
Malware has been an increasing concern on Google's Android platform, and the company has previously built in a cloud-based malware scanner to stop malicious apps from being propagated through its Play Store. More recently, code in an Android update appeared to reveal that Google was working on a malware scanner that will be installed directly on devices.